NEW YORK (TheStreet) -- In many ways the recent hack attack on JPMorgan Chase (JPM) and four other, unnamed U.S. banks was not terribly unusual: a phishing email that, when clicked, opened malware that took control of target computers.
But the reaction was unusual. The FBI was called in and began looking for links between the attack and the ongoing struggle with the Russian government over Ukraine.
If war has begun, the thinking went, it's a cyberwar, and we are all in the front line.
TheStreet's Brittany Umar takes a closer look at the J.P. Morgan cyber attack:
Further investigation offered a different picture. Bloomberg learned the attack began months ago and took advantage of existing, known security flaws in the bank's infrastructure. The idea of Russian criminals seeking to exploit banks' cybersecurity holes to extract valuable personal data is a decade old.
Yet some experts still acted like this was DEFCON 1, with at least one soberly warning that a Digital Pearl Harbor is coming and America's cyberdefenses are no more ready for it than America was ready for war in Europe in 1938.
He's right. A recent Web audio conference I attended on Health IT security revealed that an attack against Community Health Systems (CYH) that drew all sorts of comment was actually caused by the "Heartbleed" bug, something that has been around since spring and was even the subject of a comic strip.
That is the real story here. Despite years of cyberattacks from criminals, many corporate and individual systems remain woefully insecure.
Security guru Bruce Schneier demonstrated this in a chart five years ago, describing the "window of exposure" in hack attacks. The danger from a bug rises quickly from the time it is discovered until it's patched, then goes down. But security never reaches the prebug level because users are lazy about installing patches. The best lock in the world is no good if it isn't installed, and many digital locks just aren't installed.
Proprietary software companies such as Microsoft (MSFT) have used this window-of-exposure concept in arguing against the use of open source software, noting that they issue patches every week but most open source patches are delivered on an ad-hoc basis, unless you're using a commercial provider such as Red Hat (RHT) for your open source software.
So the security experts are right. If we are hearing the drumbeats of war, our computers are on the front line. In that event it becomes your patriotic duty to patch, not only operating system flaws, but application flaws as well. Keeping your software updated will become, in our time, the equivalent of the old idiom "Loose lips sink ships." Maybe loose lips sink chips.
This is going to put new pressure on Google (GOOG) to update Android phones more regularly and for longer periods of time. It's going to mean new profits for security companies such as Splunk (SPLK) , which saw its shares surge Friday on an earnings beat but is still down for the year and remains well below levels achieved in February, when Vladimir Putin was a cuddly bear enjoying the Sochi Olympics.
So the warning has been issued, and every company you do business with, or invest in, has been told what it needs to do. But will they do it before the Digital Pearl Harbor actually strikes?
If history is any guide, that's unlikely.
At the time of publication the author owned shares of GOOG and GOOGL.
This article is commentary by an independent contributor, separate from TheStreet's regular news coverage.
TheStreet Ratings team rates SPLUNK INC as a Sell with a ratings score of D. TheStreet Ratings Team has this to say about their recommendation:
"We rate SPLUNK INC (SPLK) a SELL. This is driven by multiple weaknesses, which we believe should have a greater impact than any strengths, and could make it more difficult for investors to achieve positive results compared to most of the stocks we cover. The company's weaknesses can be seen in multiple areas, such as its deteriorating net income, disappointing return on equity, weak operating cash flow, generally disappointing historical performance in the stock itself and feeble growth in its earnings per share."
You can view the full analysis from the report here: SPLK Ratings Report
TheStreet Ratings team rates RED HAT INC as a Buy with a ratings score of B. TheStreet Ratings Team has this to say about their recommendation:
"We rate RED HAT INC (RHT) a BUY. This is driven by some important positives, which we believe should have a greater impact than any weaknesses, and should give investors a better performance opportunity than most stocks we cover. The company's strengths can be seen in multiple areas, such as its robust revenue growth, expanding profit margins, good cash flow from operations, increase in stock price during the past year and largely solid financial position with reasonable debt levels by most measures. We feel these strengths outweigh the fact that the company has had sub par growth in net income."
You can view the full analysis from the report here: RHT Ratings Report